32.0.0 Black Diamond
IR
433045
CloudBasic
08:12:19
11/06/2021
Request For Quotation And Starting A new Businesss Relationship With Producestrade.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
7792ed45165589f6518121b7015dc516
c0ce682e0f3561e3a7540c15e5cc08e69c0ab53a
2dbc1e319c840368cea5d83819feafbfaec855e245438e8e50105c464c422953
Win32 Executable (generic) Net Framework (10011505/4) 49.80%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Request For Quotation And Starting A new Businesss Relationship With Producestrade.exe.log
true
FED34146BF2F2FA59DCF8702FCC8232E
B03BFEA175989D989850CF06FE5E7BBF56EAA00A
123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
C:\Users\user\AppData\Local\Temp\tmpDAD0.tmp
true
CCF95DC96B7BD87A01055032CE0CD57A
10B8216829D3DD59A64A4A5F7ABB344501A79201
75F1F589EC1E5F1837421327A67518EBE99E02FFD7A2B2C3BCD92565A87ACE28
C:\Users\user\AppData\Roaming\XzPoCGKinsp.exe
true
7792ED45165589F6518121B7015DC516
C0CE682E0F3561E3A7540C15E5CC08E69C0AB53A
2DBC1E319C840368CEA5D83819FEAFBFAEC855E245438E8E50105C464C422953
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains very large array initializations
.NET source code contains very large strings
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign process
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AgentTesla
Yara detected AntiVM3